Shared content privilege modification

ABSTRACT

Shared content privilege modification is provided. An electronic message is identified containing an address for accessing shared content, where the message is for communication to a set of recipients. Existing privileges are determined for the shared content for each recipient in the set of recipients. A requested action regarding the shared content is determined by analyzing the communication using natural language processing. Privileges for the shared content are modified for at least one recipient based on the existing privileges for the at least one recipient being insufficient to perform the requested action.

BACKGROUND

The present disclosure relates to content sharing, and morespecifically, to data security for shared content.

Shared content management services allow an owner of content to sharetheir content with other users. The service may provide uniform resourcelocators (URLs) for users to access content. The shared contentmanagement services allow users to perform different actions withrespect to the content based on their assigned privileges. The owner ofthe content may assign different privileges to each user. For example,some users may only have read privileges while some users may have readand write privileges. Other users may not have any privileges withregards the content and may not be able access the content at all.

SUMMARY

According to embodiments of the present disclosure, a method isprovided. The method includes identifying an address for accessingshared content, where the message is for communication to a set ofrecipients. Existing privileges are determined for the shared contentfor each recipient in the set of recipients. A requested actionregarding the shared content is determined. Privileges for the sharedcontent are modified for at least one recipient based on the existingprivileges for the at least one recipient being insufficient to performthe requested action.

Further embodiments provide a system and a computer program product forperforming the method.

The above summary is not intended to describe each illustratedembodiment or every implementation of the present disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawings included in the present application are incorporated into,and form part of, the specification. They illustrate embodiments of thepresent disclosure and, along with the description, serve to explain theprinciples of the disclosure. The drawings are only illustrative ofcertain embodiments and do not limit the disclosure.

FIG. 1 depicts a shared content privilege modification system, accordingto embodiments.

FIG. 2 depicts a flow diagram of a method for privilege modification,according to embodiments.

FIG. 3 depicts a high-level block diagram of an example computer system,according to embodiments.

While the invention is amenable to various modifications and alternativeforms, specifics thereof have been shown by way of example in thedrawings and will be described in detail. It should be understood,however, that the intention is not to limit the invention to theparticular embodiments described. On the contrary, the intention is tocover all modifications, equivalents, and alternatives falling withinthe spirit and scope of the invention.

DETAILED DESCRIPTION

Aspects of the present disclosure relate to user privileges for sharedcontent, and more particular aspects relate to modifying privileges forshared content. While the present disclosure is not necessarily limitedto such applications, various aspects of the disclosure may beappreciated through a discussion of various examples using this context.

Commonly, a user will send a message to other users with instructions totake an action with regards to shared content and include a uniformresource locator (URL) for accessing the shared content. For example, auser may send an email requesting that the recipients review and edit ashared document, and the email may provide a URL link for accessing theshared document. However, often the sender will assume that other usershave the required privileges to take the action without knowing orchecking the existing privileges. When a user does not have the requiredprivileges to perform the action, they must respond to the sender torequest a change in their privileges for the shared content. Further,the sender may not have the ability to change the existing privilegesfor the shared content and may need to contact an owner of the contentto have the privileges changed. This may cause a delay in the ability ofthe user to perform the requested action and may cause frustration.

To prevent this delay and frustration, prior to sharing URLs, owners ofcontent may grant privileges to users that are unnecessary. For example,the owners may grant privileges to users or groups that do not need anyprivileges for the shared content, may grant additional privileges tousers that do not require them, and may grant privileges to users for anindefinite period of time when a more tailored time period would besufficient. This may cause unnecessary security concerns for the sharedcontent.

Embodiments of the present disclosure provide a system for privilegemodification for shared content based on an electronic messagecontaining an address for accessing shared content. The system mayreceive a message for communication to a set of recipients that containsan address for accessing shared content. The system may determine therecipient's current privileges for the shared content. The system mayanalyze the message using natural language processing to identify anaction requested of the recipients regarding the shared content. Thesystem may modify the privileges for a recipient of the message if thecurrent privileges are insufficient to perform the requested action.

In some embodiments, the system does not analyze the message to identifyan action. In these embodiments, the system may modify privileges for arecipient of the message to provide read access to the shared content ifthe recipient does not have read access to the shared content.

As used herein, shared content may be any electronic content that can beaccessed via one or more networks by different users. Shared contentincludes, but is not limited to, documents, spreadsheets, videos, andimages. Users may be able to read, download, modify, delete, replacewith a new version, reshare, etc., the shared content depending on theshared content management service. Further, the shared contentmanagement service may restrict the ability of specific users or groupsto perform these actions based on privileges assigned to the users orgroups. Specific privileges may provide the ability to perform one ormore actions with regards to shared content.

As used herein an electronic message may be a message through any formof electronic communication. Electronic messages include, but are notlimited to, emails, texts, instant messages, channel-based messages,chat messages, and shared documents.

A system may be configured to perform one or more of the operationsdescribed herein. In some embodiments, an electronic communicationprogram installed on a user's computing system may be configured toperform one or more of the operations described herein. For example, anemail client or a shared content management client, may be configured toperform one or more of the operations. In some embodiments, one or moreof the operations are implemented using a plugin on a user's computingsystem. The plugin may provide additional functionality to a program ona user's computer. For example, one or more operations described hereinmay be performed by a plugin for an electronic communication programsuch as an email client. In some embodiments, one or more of theoperations described herein may be performed by a server or a cloudcomputing environment. For example, one or more operations may beperformed by a server or cloud computing environment that provides forthe communication of electronic messages.

In some embodiments, the electronic communication program and the sharedcontent management service may be fully integrated by a single provider.In these embodiments, a system may be able to fully effectuate each stepof the privilege modification process described herein. In otherembodiments, the system may need to send requests to another system toperform one or more operations.

In some embodiments, the system may receive the electronic message whena user initiates communication of the message. For example, initiatingcommunication of the message may include a user clicking a button intheir email client to send an email, a user clicking a button to post amessage in a channel, or a user clicking a save button on a shareddocument. In some embodiments, the system may receive the electronicmessage from a client computing system to communicate the message toothers. For example, the system may be part of an email service providerand receive an email from a first user to send to other users.

In some embodiments, the system may intercept the message. As usedherein, intercepting the message includes preventing the message frombeing communicated while one or more actions are performed. For example,when a user clicks the “send” button to send an email, the email clientmay stop the email from being sent while the system determines whetheruser privileges should be modified based on the email. In someembodiments, the system does not intercept the message and performs oneor more of the operations to modify privileges after, or in parallelwith, communication of the message (i.e., the message is communicated asnormal while the system determines whether user privileges should bemodified).

After an electronic message has been received, the system may determineif the message contains an address for accessing shared content. Theaddress may be contained within a link in the message. In someembodiments, the address is a URL. The system may be configured toidentify certain parts of an address to determine if the address directsa user to shared content. For example, the system may be configured toidentify a URL as a URL for accessing shared content based on thehostname and/or other aspects of the URL.

After the system determines that the message contains an address foraccessing shared content, the system may determine the existingprivileges for the recipients of the message. The system may obtain theexisting privileges for each of the recipients from the shared contentmanagement service. In some embodiments, the system may use browseraccess to obtain data from the shared content management service overthe web. In some embodiments, the system requests privileges for eachuser using an application programming interface (API).

In some embodiments, the system may use the same identifier for the useras used for the communication. For example, a recipient's email addressmay also be the user identifier for the user on the shared contentmanagement service.

In some embodiments, the system may perform entity resolution toidentify a corresponding identifier used by the shared contentmanagement service (i.e., the identifier used for the communication maybe used to determine a corresponding identifier for the shared contentmanagement service). For example, if the shared content managementservice uses single sign-on, the system may use an API to obtain ausername for a recipient from the single sign-on provider using therecipients contact information. In some embodiments, the system and theshared content management service may share a common registry, such thatthe system may identify the user using the common registry. In someembodiments, a public registry may be used to determine the appropriateidentifier. For example, an email address may be used to identify anentity in a public registry that contains an identifier for the sharedcontent management service.

The system may analyze the message using natural language processing(NLP) to determine whether the message requests that the recipients totake an action with regards to the shared content. For example, themessage could contain statements such as “Feel free to add items”,“Please update”, or “Can you add details to the top section?”. Thesystem may determine that each of these example statements requests thatthe recipient edit the shared content. Alternatively, the message couldcontain statements such as “Did you see this?” or “Please read.” Thesystem may determine that each of these example statements require thatthe recipient can view the shared content. Other requested actions mayinclude download, delete, replace with a new version, reshare, or anyother action allowed by the shared content management service.

The system may then determine whether the existing privileges for eachof the recipients are sufficient for the recipients to perform therequested actions. To compare the existing privileges with the requestedactions, the system may need to correlate the requested action with aprivilege in the shared content management service. In some embodiments,the NLP processing may be configured to tag the requested actions withthe corresponding privileges needed. In some embodiments, the system maydetermine a corresponding privilege that is required for each requestedaction. For example, the system may store a table with actions andcorresponding privileges and use the table to identify a privilegecorresponding to a requested action.

The system may modify the privileges if they are not sufficient toperform the requested action. The system may be configured to modify theprivileges using an API. In some embodiments, the system may notify thesender when the privileges are insufficient and prompt the user toapprove modifying the privileges before performing the modification.

If the sender does not have permission to modify the privileges for theshared content, the system may be configured to request permission froma user that is able to give access. In some embodiments, the system mayidentify one or more owners of the shared content and request permissionto modify the privileges. For example, the system may identify an ownerfrom a user list and prompt the owner to approve or disapprove theprivilege modification. In some embodiments, the system may request aprivilege modification from the shared content management service andthe shared content management service may contact one or more owners toapprove the privilege modification.

In some embodiments, the system may further identify time limitationswith respect to the requested actions. The time limitation maycorrespond to a starting time for the modified privileges and/or an endtime for the modified privileges. For example, the message could containa statement such as “Please handle this week” or “Don't share thisbefore Tuesday.” When the system identifies a time limitationcorresponding to the requested action, the system may determine acorresponding start time and/or end time for the change in privilegesfor the shared content. In some embodiments, the system may simply usethe period of time identified in the message. In some embodiments, theperiod of time identified in the message may be changed by apredetermined amount. For example, if the message requests thatparticipants edit a shared document by Tuesday, the system may beconfigured to have the period of time to expire on Wednesday.

In some embodiments, the system may send an instruction to the sharedcontent management service to modify the privileges at the start timeand revert the privileges back to the existing privileges at the endtime. For example, the system may instruct the shared content managementservice to modify the privileges at a specified time and include anexpiration for the modified privileges. In some embodiments, the systemmay schedule a time for the system to modify the privileges. Forexample, the system may schedule a start time when the system willmodify privileges through an API and the system may schedule an end timewhen the system will revert the privileges back to the existingprivileges through the API.

In some embodiments, when a user attempts to perform an action thatrequires the modified privileges after the modification of privilegeshave expired, a request may be communicated to the sender to approveanother modification of the privileges. For example, an initial emailfrom the sender may request that the recipients provide their edits on ashared document by Tuesday. The system may modify the privileges toallow for editing and have the privileges expire on Tuesday. A recipientthat tries to edit the document on Wednesday may initiate a request tothe sender to modify the privileges to allow editing for the recipient.

In some embodiments, the predetermined amount for changing the period oftime identified in a message may be determined using machine learning.The system may store historical information relating to the privilegemodification, requests for modified privileges after the privileges haveexpired, and the results of the request. Based on this information, thesystem may determine appropriate changes to the period of timeidentified in the message. For example, if a sender consistentlyreceives requests for modified privileges after the modification ofprivileges has expired and the sender consistently approves therequests, the system may learn to automatically approve an extension ofthe period of time. In some embodiments, the system may learn to modifythe amount of the extension of the period of time based on the type ofshared content and/or the recipients.

In some embodiments, the modification of privileges for a first sharedcontent based on an initial electronic communication may cause themodification of privileges for a second shared content. For example,where the first shared content is a shared document that containsinstructions to perform an action with regards to a second sharedcontent and the privileges are modified to provide read access toadditional users for the shared document, the system may perform theprivilege modification operations for the additional users regarding thesecond shared content using the shared document as the electroniccommunication (i.e., the system may identify the existing privileges forthe additional users with regards to the second shared content, identifythe requested actions in the shared document with regards to the secondshared content, and modify privileges for each of the additional userswith regards to the second shared content if the existing privileges arenot sufficient to perform the requested actions).

Referring now to FIG. 1, a shared content privilege modification system100 is depicted, according to embodiments. As used herein, a module maybe a combination of hardware and software configured to perform a set ofoperations. System 100 may be a single computer system or may be acombination of computing systems in communication over one or morenetworks.

System 100 includes a receiving module 110, a privilege determiningmodule 120, a requested action identifying module 130, a privilegemodification module 140, an expiration request module 150, and a machinelearning module 160. Receiving module 110 may receive an electroniccommunication containing an address for shared content. Privilegedetermining module 120 may determine existing privileges with regards tothe shared content for the recipients of the electronic communication.Requested action identifying module 130 may identify requested actionsin the electronic communication with regards to the shared content.Privilege modification module 140 may modify privileges for recipientswhen the existing privileges are insufficient to perform the requestedactions. Expiration request module 150 may handle requests for privilegemodification when a recipient attempts an action after expiration oftheir modified privileges. Machine learning module 160 may performmachine learning on historical expiration requests to determineappropriate expiration times for modified privileges.

Referring now to FIG. 2, a flow diagram of a method 200 for privilegemodification is depicted, according to embodiments. Method 200 may beperformed by a computer system such as computer system 100 depicted inreference to FIG. 1.

At operation 210, an electronic message is received. An electronicmessage may be received when a sender attempts to communicate a messageto a set of recipients.

At operation 220, it is determined whether the electronic messagecontains an address for accessing shared content. The electronic messagemay be searched for an address and the address may be analyzed todetermine if it is for accessing shared content. For example, theelectronic message may be searched for a URL and it may be determinedwhether the URL is for accessing shared content on a shared contentmanagement service. If the electronic message does not contain anaddress for accessing shared content, the message may be communicated atoperation 270.

If the electronic message does contain an address for accessing sharedcontent at operation 220, existing privileges for the recipients aredetermined for the shared content at operation 230. The permissions listfor the shared content may be accessed or requested from the sharedcontent management service.

At operation 240, the electronic message may be analyzed to determinerequested actions with regards to the shared content. The electronicmessage may be analyzed using NLP to identify actions requested of therecipients. In some embodiments, when an action requested of therecipient is not identified, it is assumed that the recipients stillneed read access. In some embodiments, the electronic message is notanalyzed to identify a requested action. In these embodiments, theaction requested of the recipient may preconfigured. For example, thesystem may be configured to determine that the recipients need readaccess for the shared content without analyzing the message to find aspecific request to view the shared content.

At operation 250, it is determined whether the existing privileges foreach recipient of the electronic message are sufficient for therecipient to perform the requested actions. If the existing privilegesare sufficient for each of the recipients, the electronic message may becommunicated at operation 270.

If the existing privileges are not sufficient for one or more recipientsof the message at operation 250, the privileges for the one or morerecipients may be modified at operation 260. In some embodiments, theprivileges may be directly modified. In other embodiments, a request maybe made to the shared content management service or an owner of theshared content to modify the privileges. After, the privileges aremodified, the electronic message may be communicated at operation 270.

Referring now to FIG. 3, shown is a high-level block diagram of anexample computer system 301 that may be used in implementing one or moreof the methods, tools, and modules, and any related functions, describedherein (e.g., using one or more processor circuits or computerprocessors of the computer), in accordance with embodiments of thepresent disclosure. In some embodiments, the major components of thecomputer system 301 may comprise one or more CPUs 302, a memorysubsystem 304, a terminal interface 312, a storage interface 316, an I/O(Input/Output) device interface 314, and a network interface 318, all ofwhich may be communicatively coupled, directly or indirectly, forinter-component communication via a memory bus 303, an I/O bus 308, andan I/O bus interface unit 310.

The computer system 301 may contain one or more general-purposeprogrammable central processing units (CPUs) 302A, 302B, 302C, and 302D,herein generically referred to as the CPU 302. In some embodiments, thecomputer system 301 may contain multiple processors typical of arelatively large system; however, in other embodiments the computersystem 301 may alternatively be a single CPU system. Each CPU 302 mayexecute instructions stored in the memory subsystem 304 and may includeone or more levels of on-board cache.

System memory 304 may include computer system readable media in the formof volatile memory, such as random access memory (RAM) 322 or cachememory 324. Computer system 301 may further include otherremovable/non-removable, volatile/non-volatile computer system storagemedia. By way of example only, storage system 326 can be provided forreading from and writing to a non-removable, non-volatile magneticmedia, such as a “hard drive.” Although not shown, a magnetic disk drivefor reading from and writing to a removable, non-volatile magnetic disk(e.g., a “floppy disk”), or an optical disk drive for reading from orwriting to a removable, non-volatile optical disc such as a CD-ROM,DVD-ROM or other optical media can be provided. In addition, memory 304can include flash memory, e.g., a flash memory stick drive or a flashdrive. Memory devices can be connected to memory bus 303 by one or moredata media interfaces. The memory 304 may include at least one programproduct having a set (e.g., at least one) of program modules that areconfigured to carry out the functions of various embodiments.

One or more programs/utilities 328, each having at least one set ofprogram modules 330 may be stored in memory 304. The programs/utilities328 may include a hypervisor (also referred to as a virtual machinemonitor), one or more operating systems, one or more applicationprograms, other program modules, and program data. Each of the operatingsystems, one or more application programs, other program modules, andprogram data or some combination thereof, may include an implementationof a networking environment. Program modules 330 generally perform thefunctions or methodologies of various embodiments.

Although the memory bus 303 is shown in FIG. 3 as a single bus structureproviding a direct communication path among the CPUs 302, the memorysubsystem 304, and the I/O bus interface 310, the memory bus 303 may, insome embodiments, include multiple different buses or communicationpaths, which may be arranged in any of various forms, such aspoint-to-point links in hierarchical, star or web configurations,multiple hierarchical buses, parallel and redundant paths, or any otherappropriate type of configuration. Furthermore, while the I/O businterface 310 and the I/O bus 308 are shown as single respective units,the computer system 301 may, in some embodiments, contain multiple I/Obus interface units 310, multiple I/O buses 308, or both. Further, whilemultiple I/O interface units are shown, which separate the I/O bus 308from various communications paths running to the various I/O devices, inother embodiments some or all of the I/O devices may be connecteddirectly to one or more system I/O buses.

In some embodiments, the computer system 301 may be a multi-usermainframe computer system, a single-user system, or a server computer orsimilar device that has little or no direct user interface, but receivesrequests from other computer systems (clients). Further, in someembodiments, the computer system 301 may be implemented as a desktopcomputer, portable computer, laptop or notebook computer, tabletcomputer, pocket computer, telephone, smart phone, network switches orrouters, or any other appropriate type of electronic device.

It is noted that FIG. 3 is intended to depict the representative majorcomponents of an exemplary computer system 301. In some embodiments,however, individual components may have greater or lesser complexitythan as represented in FIG. 3, components other than or in addition tothose shown in FIG. 3 may be present, and the number, type, andconfiguration of such components may vary.

In addition to embodiments described above, other embodiments havingfewer operational steps, more operational steps, or differentoperational steps are contemplated. Also, some embodiments may performsome or all of the above operational steps in a different order. Themodules are listed and described illustratively according to anembodiment and are not meant to indicate necessity of a particularmodule or exclusivity of other potential modules (or functions/purposesas applied to a specific module).

In the foregoing, reference is made to various embodiments. It should beunderstood, however, that this disclosure is not limited to thespecifically described embodiments. Instead, any combination of thedescribed features and elements, whether related to differentembodiments or not, is contemplated to implement and practice thisdisclosure. Many modifications and variations may be apparent to thoseof ordinary skill in the art without departing from the scope and spiritof the described embodiments. Furthermore, although embodiments of thisdisclosure may achieve advantages over other possible solutions or overthe prior art, whether or not a particular advantage is achieved by agiven embodiment is not limiting of this disclosure. Thus, the describedaspects, features, embodiments, and advantages are merely illustrativeand are not considered elements or limitations of the appended claimsexcept where explicitly recited in a claim(s).

The present invention may be a system, a method, and/or a computerprogram product. The computer program product may include a computerreadable storage medium (or media) having computer readable programinstructions thereon for causing a processor to carry out aspects of thepresent invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers, and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, or either source code or object code written in anycombination of one or more programming languages, including an objectoriented programming language such as Java, Smalltalk, C++ or the like,and conventional procedural programming languages, such as the “C”programming language or similar programming languages. The computerreadable program instructions may execute entirely on the user'scomputer, partly on the user's computer, as a stand-alone softwarepackage, partly on the user's computer and partly on a remote computeror entirely on the remote computer or server. In the latter scenario,the remote computer may be connected to the user's computer through anytype of network, including a local area network (LAN) or a wide areanetwork (WAN), or the connection may be made to an external computer(for example, through the Internet using an Internet Service Provider).In some embodiments, electronic circuitry including, for example,programmable logic circuitry, field-programmable gate arrays (FPGA), orprogrammable logic arrays (PLA) may execute the computer readableprogram instructions by utilizing state information of the computerreadable program instructions to personalize the electronic circuitry,in order to perform aspects of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the block may occur out of theorder noted in the figures. For example, two blocks shown in successionmay, in fact, be accomplished as one step, executed concurrently,substantially concurrently, in a partially or wholly temporallyoverlapping manner, or the blocks may sometimes be executed in thereverse order, depending upon the functionality involved. It will alsobe noted that each block of the block diagrams and/or flowchartillustration, and combinations of blocks in the block diagrams and/orflowchart illustration, can be implemented by special purposehardware-based systems that perform the specified functions or acts orcarry out combinations of special purpose hardware and computerinstructions.

While the foregoing is directed to exemplary embodiments, other andfurther embodiments of the invention may be devised without departingfrom the basic scope thereof, and the scope thereof is determined by theclaims that follow. The descriptions of the various embodiments of thepresent disclosure have been presented for purposes of illustration, butare not intended to be exhaustive or limited to the embodimentsdisclosed. Many modifications and variations will be apparent to thoseof ordinary skill in the art without departing from the scope and spiritof the described embodiments. The terminology used herein was chosen toexplain the principles of the embodiments, the practical application ortechnical improvement over technologies found in the marketplace, or toenable others of ordinary skill in the art to understand the embodimentsdisclosed herein.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the variousembodiments. As used herein, the singular forms “a,” “an,” and “the” areintended to include the plural forms as well, unless the context clearlyindicates otherwise. “Set of,” “group of,” “bunch of,” etc. are intendedto include one or more. It will be further understood that the terms“includes” and/or “including,” when used in this specification, specifythe presence of the stated features, integers, steps, operations,elements, and/or components, but do not preclude the presence oraddition of one or more other features, integers, steps, operations,elements, components, and/or groups thereof. In the previous detaileddescription of exemplary embodiments of the various embodiments,reference was made to the accompanying drawings (where like numbersrepresent like elements), which form a part hereof, and in which isshown by way of illustration specific exemplary embodiments in which thevarious embodiments may be practiced. These embodiments were describedin sufficient detail to enable those skilled in the art to practice theembodiments, but other embodiments may be used and logical, mechanical,electrical, and other changes may be made without departing from thescope of the various embodiments. In the previous description, numerousspecific details were set forth to provide a thorough understanding thevarious embodiments. But, the various embodiments may be practicedwithout these specific details. In other instances, well-known circuits,structures, and techniques have not been shown in detail in order not toobscure embodiments.

The descriptions of the various embodiments of the present disclosurehave been presented for purposes of illustration, but are not intendedto be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope and spirit of the describedembodiments. The terminology used herein was chosen to explain theprinciples of the embodiments, the practical application or technicalimprovement over technologies found in the marketplace, or to enableothers of ordinary skill in the art to understand the embodimentsdisclosed herein.

What is claimed is:
 1. A method comprising: identifying an electronicmessage containing an address for accessing shared content, the messagefor communication to a set of recipients; determining existingprivileges for the shared content for each recipient in the set ofrecipients; determining a requested action regarding the shared content;and modifying, for at least one recipient in the set of recipients,privileges for the shared content based on the existing privileges forthe at least one recipient being insufficient to perform the requestedaction.
 2. The method of claim 1, wherein the determining the requestedaction regarding the shared content includes analyzing the communicationusing natural language processing.
 3. The method of claim 1, furthercomprising: determining, by analyzing the communication using naturallanguage processing, a start time for the requested action, wherein themodifying privileges for the shared content includes scheduling a changein privileges based on the start time.
 4. The method of claim 1, furthercomprising: determining, by analyzing the communication using naturallanguage processing, an end time for the requested action; andscheduling, based on the end time, modification of the privileges forthe at least one recipient back to the existing privileges.
 5. Themethod of claim 1, further comprising: identifying a second messagecontaining a second address for accessing a second shared content, thesecond message for communication to a second set of recipients;determining second existing privileges for the second shared content foreach recipient in the second set of recipients; determining, byanalyzing the second message using natural language processing, a secondrequested action regarding the second shared content; determining that asender of the second message does not have permission to modifyprivileges for the second shared content; and sending a request tomodify privileges for the second shared content to a user withpermission to modify privileges for the second shared content based onthe second existing privileges for at least one recipient in the secondset of recipients being insufficient to perform the second requestedaction.
 6. The method of claim 1, further comprising: interceptingcommunication of the message; and communicating the message to the setof recipients after modifying privileges for the shared content.
 7. Themethod of claim 1, wherein the shared content is a shared document, themethod further comprising: identifying a second address for accessingsecond shared content in the shared document; determining secondexisting privileges for the second shared content for the at least onerecipient; determining, by analyzing the shared document using naturallanguage processing, a second requested action regarding the secondshared content; and modifying, for the at least one recipient,privileges for the second shared content based on the second existingprivileges for the at least one recipient being insufficient to performthe second requested action.
 8. A computer program product comprisingone or more computer readable storage media having program instructionsembodied therewith, the program instructions executable by a processorto cause the processor to perform operations comprising: identifying anelectronic message containing a uniform resource locator (URL) foraccessing shared content, the message for communication to a set ofrecipients; determining existing privileges for the shared content foreach recipient in the set of recipients; determining a requested actionregarding the shared content; and modifying, for at least one recipientin the set of recipients, privileges for the shared content based on theexisting privileges for the at least one recipient being insufficient toperform the requested action.
 9. The computer program product of claim8, wherein the determining the requested action regarding the sharedcontent includes analyzing the communication using natural languageprocessing.
 10. The computer program product of claim 8, wherein theoperations further comprise: determining, by analyzing the communicationusing natural language processing, a start time for the requestedaction, wherein the modifying privileges for the shared content includesscheduling a change in privileges based on the start time.
 11. Thecomputer program product of claim 8, wherein the operations furthercomprise: determining, by analyzing the communication using naturallanguage processing, an end time for the requested action; andscheduling, based on the end time, modification of the privileges forthe at least one recipient back to the existing privileges.
 12. Thecomputer program product of claim 8, wherein the operations furthercomprise: identifying a second message containing a second address foraccessing a second shared content, the second message for communicationto a second set of recipients; determining second existing privilegesfor the second shared content for each recipient in the second set ofrecipients; determining, by analyzing the second message using naturallanguage processing, a second requested action regarding the secondshared content; determining that a sender of the second message does nothave permission to modify privileges for the second shared content; andsending a request to modify privileges for the second shared content toa user with permission to modify privileges for the second sharedcontent based on the second existing privileges for at least onerecipient in the second set of recipients being insufficient to performthe second requested action.
 13. The computer program product of claim8, wherein the operations further comprise: intercepting communicationof the message; and communicating the message to the set of recipientsafter modifying privileges for the shared content.
 14. The computerprogram product of claim 8, wherein the shared content is a shareddocument, and wherein the operations further comprise: identifying asecond address for accessing second shared content in the shareddocument; determining second existing privileges for the second sharedcontent for the at least one recipient; determining, by analyzing theshared document using natural language processing, a second requestedaction regarding the second shared content; and modifying, for the atleast one recipient, privileges for the second shared content based onthe second existing privileges for the at least one recipient beinginsufficient to perform the second requested action.
 15. A systemcomprising: one or more processors; and one or more computer readablestorage media storing program instructions executable by the one or moreprocessors to cause the one or more processors to perform operationscomprising: identifying an electronic message containing a uniformresource locator (URL) for accessing shared content, the message forcommunication to a set of recipients; determining existing privilegesfor the shared content for each recipient in the set of recipients;determining a requested action regarding the shared content; andmodifying, for at least one recipient in the set of recipients,privileges for the shared content based on the existing privileges forthe at least one recipient being insufficient to perform the requestedaction.
 16. The system of claim 15, wherein the determining therequested action regarding the shared content includes analyzing thecommunication using natural language processing.
 17. The system of claim15, wherein the operations further comprise: determining, by analyzingthe communication using natural language processing, a start time forthe requested action, wherein the modifying privileges for the sharedcontent includes scheduling a change in privileges based on the starttime.
 18. The system of claim 15, wherein the operations furthercomprise: determining, by analyzing the communication using naturallanguage processing, an end time for the requested action; andscheduling, based on the end time, modification of the privileges forthe at least one recipient back to the existing privileges.
 19. Thesystem of claim 15, wherein the operations further comprise: identifyinga second message containing a second address for accessing a secondshared content, the second message for communication to a second set ofrecipients; determining second existing privileges for the second sharedcontent for each recipient in the second set of recipients; determining,by analyzing the second message using natural language processing, asecond requested action regarding the second shared content; determiningthat a sender of the second message does not have permission to modifyprivileges for the second shared content; and sending a request tomodify privileges for the second shared content to a user withpermission to modify privileges for the second shared content based onthe second existing privileges for at least one recipient in the secondset of recipients being insufficient to perform the second requestedaction.
 20. The system of claim 15, wherein the operations furthercomprise: intercepting communication of the message; and communicatingthe message to the set of recipients after modifying privileges for theshared content.